Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
  • G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/08—Payment architectures
  • G06Q20/14—Payment architectures specially adapted for billing systems
  • G06Q20/145—Payments according to the detected use or quantity
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L12/00—Data switching networks
  • H04L12/02—Details
  • H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
  • H04L12/1432—Metric aspects
  • H04L12/1435—Metric aspects volume-based
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
  • H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/01—Protocols
  • H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
  • H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/01—Protocols
  • H04L67/10—Protocols in which an application is distributed across nodes in the network
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/01—Protocols
  • H04L67/10—Protocols in which an application is distributed across nodes in the network
  • H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/50—Network services
  • H04L67/535—Tracking the activity of the user
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/50—Network services
  • H04L67/55—Push-based network services
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/50—Network services
  • H04L67/56—Provisioning of proxy services
  • H04L67/567—Integrating service provisioning from a plurality of service providers
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F11/00—Error detection; Error correction; Monitoring
  • G06F11/30—Monitoring
  • G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
  • G06F11/3466—Performance evaluation by tracing or monitoring
  • G06F11/3476—Data logging

Definitions

• SW information technology
• Floating licensing is a software licensing approach in which a limited number of Hcenses for a software application are shared among a lareer number of users over time.
• an authorized user wishes to run the application they request a license from a central license server. I a license is available the license server allows the application to run. When they finish using the application, or when the allowed license period expires, the license is reclaimed by the license server and made available to other authorized users.
• Cloud computing is the use of computing resources (hardware and software) that are deli vered as a service over a network (typically the Internet).
• SW is sold as a service (SaaS - Software as a Service); the most common model is the one of monthly subscriptions.
• SaaS applications are sold under a "named subscription" model. This means that subscriptions to SaaS applications are in reality assigned to subscribers or users, real persons that are uniquely identified by the vendor, usually through their e-mail address (a unique identifier). SaaS applications run on remote servers and are accessed through a browser. Consequently, they can be accessed through a vast range of devices. The traditional univocal relation between user and device no longer applies.
• FIG. I is a schematic view of an exemplary operating environment in which an embodiment of the invention can be implemented.
• FIG. 2 is a functional block diagram of an exemplary operating environment in which an embodiment of the invention can be implemented
• FIG. 3 is a functional block diagram of an exemplary operating environment i which an embodiment of the invention can be implemented;
• FIGS, 4-6 illustrate alternative embodiments of the invention i which data may be collected
• FIGS, 7-10 illustrate multiple graphic usage analyses that may be generated according to at least one embodiment of the invention .
• [00181 F G. 11 is a functional block diagram of an alternative exemplary operating environment in which an embodiment of the invention can be implemented.
• a source of usage data may include an externa! application programming interface (API).
• API application programming interface
• client entities such as software developers, system integrators or partners, to customize and integrate an embodiment into their own SaaS application instances, be they third party SaaS applications, custom add-ons to third party SaaS applications or even proprietary in-house SaaS applications.
• client entities will be able to let an embodiment collect additional data that m y reside in off-site databases. This data can then be used on its own or combined with other data collected in the customer's instance of an embodiment and analyzed using analytics tools employing principles of an embodiment.
• the API allows client entities to write (i.e., push) data to one or more administrators of elements of at least one embodiment.
• client entities i.e., push
• any SaaS application can write its data to one or more administrators of elements of at least one embodiment, without additional installation or connection to a particular software instance.
• the creator When software is created, the creator typically "instruments" it. That is, the creator may log usage and performance data so that the creator can do, for example, bug checks, performance management, etc.
• the API of at least one embodiment may be thought of as allowing a client entity to remotely instrument directl to one or more administrators of elements of at least one embodiment rather than to a log file locally.
• Embodiments of the invention provide features including a universal mechanism to support various authentication mechanisms introduced by cloud applications. environment and convenient tools for IT people to manage cloud applications subscriptions and to provisio and de-provision applications, device-independent usage tracking, location- independent usage tracking, development tools, SOA, and open source integration scripts with various cloud-application vendors.
• FIG. i illustrates an example of a computing system environment 100 in which an embodiment of the invention may be implemented.
• the computing system environment 100 is an example of a suitable computing environment; however it is appreciated that other environments, systems, and devices may be used to implement various embodiments of the invention as described in more detail below.
• Embodiments of the invention may be implemented in hardware, firmware, software, or a combination of two or more of each.
• Embodiments of the invention ma he operational with numerous general-purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may he suitable for use with embodiments of the invention include, hut are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
• Embodiments of the invention may be described in the general context of computer-executable instructions, such as program modules being executed by a computer.
• program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
• Embodiments of the invention may also be practiced in distributed-computing environments where tasks are performed b remote processing devices that are linked through a communications network.
• program modules may be located in both local and remote computer storage media including memory storage devices.
• an exemplary system for implementing a embodiment of the invention includes a computing device, such as computing device 100,
• the computing device 100 typically includes at least one processing unit 102 and memory 104.
• memory 104 may be volatile (such as random-access memory (RAM)), nonvolatile ⁇ such as read-only memory (ROM), flash memory, etc.) or some combination of the two. This most basic configuration is illustrated in FIG. .1 by dashed line 106.
• RAM random-access memory
• ROM read-only memory
• flash memory etc.
• the device 100 may have additional features, aspects, and functionality.
• the device 100 may include additional storage (removable and or non-removable) which may take the fonn of, but is not limited to, magnetic or optical disks or tapes.
• additional storage is illustrated in FIG. 1 by removable storage 108 and nonremovable storage 1 1 .
• Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data.
• Memory 104, removable storage 108 and non-removable storage 1 10 are all examples of computer storage media.
• Computer storage media includes, but is not limited to, RAM, ROM, BE PROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by device 100. Any such computer storage media may be part of device 100.
• the device 100 may also include a communications connection 1 12 that allows the device to communicate with other devices.
• the communications connection 1 12 is an example of communication media.
• Communication media typically embodies computer- readable instructions, data structures, program modules or other data in a modulaied data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
• modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
• the communication media includes wired media such as a wired network or direct-wired connection, arid, wireless media such as acoustic, radio-frequency (RF), infrared and other wireless media.
• RF radio-frequency
• the term computer-readable media as used herei includes both storage media and communication media.
• the device 100 may also have an input device 1 14 such as keyboard, mouse, pen, voice-input device, touch-input device, etc. Further, an output device 116 such as a display, speakers, printer, etc. may also be included. Additional input devices .1 14 and output devices 1 16 may be included depending on a desired functionality of the device 100.
• an input device 1 14 such as keyboard, mouse, pen, voice-input device, touch-input device, etc.
• an output device 116 such as a display, speakers, printer, etc.
• Additional input devices .1 14 and output devices 1 16 may be included depending on a desired functionality of the device 100.
• the combination of software or computer-executable instructions with a computer-readable medium results in the creation of a machine or apparatus.
• the execution of software or computer-executable instructions by a processing device results in the creation of a machine or apparatus, which may be distinguishable from the processing device, itself, according to an embodiment.
• a computer-readable medium is transformed by storing software or computer-executable instructions thereon.
• a processing device is transformed in the course of executing software or computer-executable instructions.
• a fust set of data input to a processing device during, or otherwise in association with, the execution of software or computer- executable instructions by the processing device is transformed into a second set of data as a consequence of such execution. This second data set may subsequently be stored, displayed, or otherwise communicated.
• Such transformation alluded to in each of the above examples, may be a consequence of, or otherwise involve, the physical alteration of portions of a computer-readable medium.
• Such transformation may also be a consequence of, or otherwise involve, the physical alteration of, for example, the states of registers and/or counters associated with a processing device during execution of software or computer-executable instructions by the processing device.
• an embodiment of the present inventio may take the form, and/or may be implemented using one or more elements, of an exemplary computer network system 200.
• the system 200 includes an electronic client device 210, such as a. personal computer or workstation, tablet or smart phone, that is linked via a communication medium, such as a network 220 (e.g., the internet), to an electronic device or system, such as a server 230.
• a network 220 e.g., the internet
• the server 230 may further be coupled, or otherwise have access, to a database 240 and a computer system 260.
• a database 240 may further be coupled, or otherwise have access, to a database 240 and a computer system 260.
• FIG. 2 includes one server 230 coupled to one client device 210 via the network 220, it. should be recognized that embodiments of the inventio may be implemented using one or more such client devices coupled to one or more such servers.
• the client device 2.10 and the server 230 may include all or fewer than all of the features associated with the device 100 illustrated in and discussed with reference to FIG. 1.
• the client device 210 includes or is otherwise coupled to a computer screen or display 250.
• the client device 210 may be used for various purposes such as neiwork- and local- computing processes.
• the client device 210 is linked via the network 220 to server 230 so thai computer programs, such as, for example, a browser, running on the client device 210 can cooperate in two-way communication wit server 230.
• the server 230 may be coupled to database 240 to retrieve information therefrom and to store information thereto.
• Database 240 may have stored therei data (not shown) that can be used by the server 230 to enable performance of various aspects of embodiments of the invention.
• the server 230 may be coupled to the computer system 260 in a manner allowing the server to delegate certain processing functions to the computer system.
• the client device 210 may bypass network 220 and communicate directly with computer system 260.
• FIG. 3 illustrates a system 310 according to an embodiment of the in vention, and the elements illustrated in FIG. 3 may be identical, or otherwise function in a manner similar, to elements described above with reference to FIG. 2.
• System 310 includes an application adaptor 320, serving as a collection module, a memory device, such as a storage module 330, and a. processing module (processor) 340.
• the adaptor 320 is configured to interact with a set of client devices 360 employed by end users and/or a. plurality of software applications 370 (i.e., SaaS applications) hosted on a network including one or more servers 380.
• software applications 370 i.e., SaaS applications
• adaptor 320 is an application- specific component, that can be configured to recognize or otherwise discover the object model of and operation(s) thai can be applied on specific object types by a targeted application 370. Additionally, adaptor 320 is configured to convert the specific object language of application 370 into a generic model according to an embodiment.
• Elements of one or more embodiments of the system 310 may be situated behind a fire wall 390 with respect to the servers 380, as is the case with the embodiment illustrated in FIG. 3.
• adaptor 320 may be positioned on either side of firewall 390 relative to the monitored end users 360.
• elements of a unitary embodiment of the adaptor 320 may be configured to "straddle" the firewall 390.
• the adaptor 320 is co figured to collect date characterizing usage ("usage data") of the SaaS applications 370 hosted on the one or more servers 380 by the end users employing the client devices 360.
• the collected data is subsequently stored in the storage module 330.
• the processor 340 is configured to determine, based on the stored data, at least one usage rating for each of the client, devices 360 (i.e., end users) and/or plurality of software applications 370. The determined usage rating is then made viewable via an output device 350, such a a display or printer, for example.
• an adaptor 320A of an embodiment may include a plugiti handler 410 and a Representational State Transfer (R EST) API handler 420 configured to respectively and communicatively interface with a plugm 430 and REST API 440 associated with an application 370.
• R EST Representational State Transfer
• an adaptor 320B of an embodiment may include a network agent handler 510 and a log agent handier 420 configured to respectively and communicatively interface with one or more network agents 540 and log processing agents 550 associated with a local-area network (LAN) 530 of which the client devices 360 are constituent elements.
• LAN local-area network
• the adaptor 320B to collect data characterizing the usage of an application 370 by one or more client devices 360 from elements of the LAN 530 (which may be behind a firewall 390 relative to a server 380 hosting the application) rather than the application itself.
• an adaptor 320C of an embodiment may include a proxy handler 610 configured to communicatively interlace with the client devices 360 and application 370, Such an arrangement enables the adaptor 320C to collect directly from one or more client devices 360 and application 370 data characterizing the usage of such application by the one or more client devices.
• FK-i . 1 1 illustrates a system 1 1 10 according to an alternative embodiment of the invention, and the elements illustrated in FIG. 1 1 may be identical, or otherwise function in a manner similar, to elements described above with reference to FIGS. 2 and 3.
• System 1110 includes a collection module 1 120, which may include a memory device, such as a storage module 330, and a processing module (processor) 340.
• the collection module 1 120 in a manner at least analogous to that of adaptor 320, is configured to interact with a set of client devices 360 employed by end users and/or a plurality of software applications 370 (/. ⁇ ?., SaaS applications) hosted on a network including one or more servers 380.
• System 11 10 may further include an application programming interface (API) 1 130 and an instrumenting SaaS application 1 140.
• API application programming interface
• the collection module 1 120 is configured to collect data characterizing usage ("usage data") of the SaaS applications 370 hosted on the one or more servers 380 by the end users employing the client devices 360, which may all belong to a client entity (not shown).
• this usage data is a subset of a more- complete data set describing use of client devices 360 and/or applications 370 that may otherwise be made available by the client entity.
• the API 1 130 is configured to enable the client entity to define this data subset and proaetively publish (i.e., push), without enabling response to requests for (i.e., pulling of), the data subset to the collection module 1 120, thereby giving the client entity much greater control over what data is provided and what data is not.
• the instrumenting SaaS application 1140 is configured to instrument other SaaS applications 370.
• Application 1 1 0 can collect data regarding how applications 370 are being used, such as who is using the applications, how much the applications are being used, which parts of those applications are being used, which objects are being used, etc. This information can be used, firstly, to measure adoption, and secondly to measure user behavior to enable the client entity to make more informed decisions on which applications to make available and to whom they should be made available.
• the collected data is subsequently stored in the storage module 330.
• the processor 340 is configured to determine, based on the stored data, at least one usage rating for each of the client devices 360 (Le., end users) and/or plurality of software applications 370. The determined usage rating is then made viewable via an output device 350, such as a display or printer, for example.
• the embodiments illustrated and described above are configured to collect a variety of usage siatistics from multiple SaaS applications 370. As above alluded to, these statistics may come from the SaaS applications themselves, via communication directly with the application, application REST APIs or application pUigins, agents monitoring network traffic, system logs, application logs, network logs, VPN logs, firewall logs, network proxy services, application-user email, and/or company billing systems. [00511 The collected usage statistics may be unique for each application 370 and could include items such as:
• the multiple methods of collection allow one or more embodiments to capture data across a variety of client devices 360 and/or through integration with SaaS vendors' logs and associate with specific users, resulting in device- and location-independent usage statistics.
• AH usage data collected by adaptor 320 may be stored in storage device 330 for future retrieval and analysis.
• Storage device 330 may consist of one or more of a relational database, " oSql" type database, and flat files. Given the variety of SaaS applications 370 and data types collected, an embodiment may use some combination of semi-structured or unstructured data stores such as oSql databases and .flat files .
• data stored in device 330 is analyzed and formatted by an analytic engine, according to an embodiment, executed by processor 340 and using metadata associated with applications 370 and or a behavioral model associated with one or more of end users 360, Such data may be retrieved and analyzed in a distributed manner.
• techniques may i nc l ude big data frameworks such as MapReduce.
• a variety of usage analytics may be computed for applications 370:
• An embodiment may classify an application user 360 over a specified unit time period (e.g., one day) as follows;
• a embodiment can also compute a normalized usage rating that allows for easier comparison between applications. For a given user; Ux, a usage rating for thai user 360 over N number of unit time periods can be com uted according to Equation 1 ;
• a usage rating for the organization with M application users 360 may be computed according to Equation 2:
• an embodiment can combine usage analytics of the underlying applications to create new usage analytics for the mashup application.
• KPIs average accumulated Usage Index and Activity Level
• Subscriptions that should undergo calculation are those subscriptions that have assignee with utilization criterion other than zero (0).
• Criteria may be pro vided in the form of predefined templates: 00901 Template 1 :
• ⁇ number of 1ogins> can be in the range of 1 , . 9
• mimber> of ⁇ period> can be in the range of .1 .. 9
• ⁇ period> can be represented by Day, Week, outh
• Solution provides users with a set of predefined criteria, such as
• an embodiment provides customers with a wide range of predefined Usage Utilization criteria. Customers are allowed to define their own Usage Utilization criteria.
• Activity Level is equal to:
• an embodiment calculates accumulated DayLogins by:
• Aft embodiment may take into account that statistics should be accumulated in the very beginning, if number of working days in statistic sample is still less than "expected period * 2" the result of the calculation may not be shown to the user. Usage index and Activity Level in these cases should be equal to the number (for instance, negative) that tells client not to show the value in the UI.
• Job that calculates average accumulated KPls may run for every organization's time zone at midnight. For nonworking days the job may behave differently for the two following cases:
• job may calculate KPls without incrementing the No. of working days in statistic sample.
• customers i.e., an organization of which end users
• An embodiment can provide benchmarking and targeted usage goals for customers.
• An embodiment may be able to combine this information with SaaS license pricing t provide customers with internal SaaS spending budget allocation; to departments, locations and business units.
• an embodiment may compute analytics involving multiple customers" usage data in an anonymk.ed fashion. This allows a embodiment to:
• An embodiment may determine who is using an application for purposes of identifying who are the existing users of each unknown (or even known) application 370, Such firactio may provide information about how many users 360 there are for each application 370 and about their volume of usage.
• An embodiment may integrate the above-described information for analysis by processor 340.
• An embodiment may be configured to generate a list of "known users" against which to compare collected data. This could be achieved by examining user database such as Active Directory or LDAP, which would then be compared to the discovery described above. Reports to output device 350 may then be generated. One class of reports could then be based o SaaS usage that does not match with this list of users.
• An embodiment includes a method to discover which paid applications are in use withi the organization by users 360.
• the basic consideration is that every SaaS provider sends periodic invoices to its customers via email; invoices are obvious proof of the organization using a service.
• a embodiment may extract information about which SaaS applications 370 have been contracted for by end users 360 at that customer.
• One such embodiment is by comparing an email database to invoice emails sent by known SaaS vendors.
• An embodiment may then find SaaS services contracted for, and match them to users 360 (the users to which the emails are addressed).
• Those users 360 are also the "internal owners" of those services, because they are the billing counterparts'' for the SaaS vendor.
• An embodiment is able t recognize invoices sent by specific vendors.
• the output may be a list of all those invoices that an embodiment recognizes that are from SaaS vendors providing services to the organization.
• An embodiment may extract at least some minima! information from the content of the invoices, such as the total amount due and invoice date. [00163]
• An embodiment may also be able to determine the number of licenses purchased, their duration or renewal and other relevant data.
• email received in the past year is screened since all vendors, even the ones with multi-year plan, send at least one invoice year to their customers.
• An embodiment collects this information and presents it to customers after the initial analysis and without need to wait for a customer to run an embodimeni for a few weeks in order to perceive some value. It would also prove history of billing for the same customer by the vendors.
• an embodiment may present a list of users 360, a detail of the applications 370 in use and the amount spent in the past and/or forecast to be spent in the future.
• An embodime t monitors what applications 370 are being used to enable customers to improve their efficiency and spending.
• An embodiment provides analytics and reporting related to the utilizatio of SaaS licenses, which will help companies with budgeting and expense control.
• An embodimeni may collect and store SaaS application user and matching license information. Linking this dat with usage analytics will allow for advanced subscription management including addition/removal of licenses, assignment of licenses, license renewals, reporting of unused licenses, and reporting of improperly assigned or allocated licenses.
• a embodiment can compute license spending efficiency thai shows how much SaaS spending of the organization that includes users 360 is remaining idle at any given time and help them plan to minimize the waste, as is illustrated in FIG. 10,
• An embodiment may collect and store SaaS application 370 pricing models. This information may come from multiple sources including public-ally available sources and anoriymized information from customer licensing data. An embodiment can the provide a variety of analytics on these SaaS pricing models and how they impact a customer's deployments. Two examples incl ude computing the optimal cost of an application for a company based on usage and computing the optimal cost for multiple applications in the same category (e.g., showing a company their optimal deployment of three different SaaS storage applications 370 based on the available licensing and types of usage across the company),
• An embodiment may provide mechanisms for provisiomng de- provisioning users on the managed SaaS applications 370.
• This provisioning information could be entered into an embodimeni directly or it could come through integration with user databases such as Active Directory or LDAP,
• An embodiment may provide employee life-cycle management of SaaS applications 370.
• An embodiment may monitor employees' status at the company via their SaaS provisioning and usage.
• An embodiment may be able to provide reports and alerts if, for example, an employee is de-provisioned in one or more applications 370, as that may be a sign they have left the company and they need to be de-provisioned in other applications.
• An embodiment may use the data collected from within an organization, in order to benchmark that organization to others. This will show the organization where it stands wit respect to its efficiency in utilizing SaaS applications as compared to its peers.
• An embodiment may include "time and motion" analysis.
• a large component of the cost of software is, besides the licensing cost , the cost of the time spent by its users.
• An embodiment ma measure how efficient software is at enabling users to do their jobs. For example, what is the optimal time spent by a salesperso on salesforce.com? This is because the cost of a salesforce.com license is not just the up- front software cost, but also the cost of the time spent by salespersons entering data and looking up reports. How much input does the software require and at what cost? For this cost, of input, what outputs does the software enable?
• an embodiment may enable users not just to bring their own devices (BYOD), but also allow them to choose which SaaS applications they prefer to get their jobs done (BYOSHBring your own SaaS).
• BYOD own devices
• an embodime t may provide a means for all those users to share one logi , thus enabling the organization to cut down o its software costs,
• An embodiment may provide usage analytics services to multiple customers, in this case a system integrator (SI) will have a higher-level view of usage of applications by several of its enterprise customers. Si's customers have to be completely separated from a logical point of view and not able to see each other, while on the other hand the SI shall be limited in viewing usage only for a subset of the Enterprises" applications.
• SI system integrator
• an embodiment may sync the users 360 and be able to provision and de-provision users.
• This is a lightweight provisioning system that completely bypasses the traditional SSO-Identity Management model, in addition, once an embodiment uniquely identified a user 360 through his/her email address (the unique identifier) an embodiment can then connect/provision that user to any application 370 an embodiment is integrating with resulting in automatic lightweight two-way provisioning,

Landscapes

• Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Theoretical Computer Science (AREA)
• Business, Economics & Management (AREA)
• General Engineering & Computer Science (AREA)
• Accounting & Taxation (AREA)
• Computer Hardware Design (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Computer Security & Cryptography (AREA)
• Software Systems (AREA)
• Finance (AREA)
• Technology Law (AREA)
• Multimedia (AREA)
• Development Economics (AREA)
• Economics (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Computing Systems (AREA)
• Human Computer Interaction (AREA)
• Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Applications Claiming Priority (2)

Publications (2)

Family

ID=53800634

Family Applications (1)

Country Status (2)

Family Cites Families (5)

• 2015
  • 2015-02-12 WO PCT/US2015/015694 patent/WO2015123458A1/en active Application Filing
  • 2015-02-12 EP EP15749466.7A patent/EP3105654A4/de not_active Withdrawn

Also Published As

Similar Documents

Legal Events